The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
OSTechNix

Ubuntu 26.04 LTS Resolute Raccoon Beta is Released: Here’s What’s New

Canonical released the beta version of Ubuntu 26.04 LTS Resolute Raccoon with Linux Kernel 7.0, GNOME 50 and many ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Geeky Gadgets

Automate Excel with Office Scripts : Getting Started Guide

Office Scripts in Excel offer a structured way to automate repetitive tasks, making it easier to manage large datasets or streamline workflows. Built into the “Automate” tab of Excel’s ribbon, this ...

Jason Reitman to Produce Supernatural Thriller 71 Minutes

Shorr's spec script scared up a frenzy among producers.
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.